Meta

Security Lessons from Bletchley Park and Enigma

I had fun presenting at the DC4420 security meetup in London yesterday. The topic was “Security Lessons from Bletchley Park and Enigma” and the slides are now up on SlideShare.

We covered how the Enigma machine works, how Bletchley Park exploited German mistakes, and the five lessons I picked out were:

Cryptosystems have subtle flaws

Plan for key compromise

Users pick poor passwords

Pick a good RNG and trust it

Don’t underestimate the enemy

It was a friendly and knowledgeable audience, and one gentleman (CJ) suggested a sixth lesson: all cryptosystems have a shelf life. This came out of a discussion of the GSM A5/1 algorithm, and how the breaks in recent years came about probably because it is still in use over 20 years after it was designed; this is similar to the lifespan of Enigma, which was designed in 1918 but still in use by the Germans up to 1945.

It’s worth noting that Fritz Menzer, a cryptologist working for the German military, had developed two potential replacements for Enigma (SG-39 and SG-41, the digits being the year of the design) but they were never widely deployed due to production difficulties.

6 Responses to “Security Lessons from Bletchley Park and Enigma”

Many folks of late have started to learn about Bletchley Park, Enigma, code-breaking, etc etc owing at least in part to ‘The Bletchley Circle’ series on ITV in Britain, or PBS in Canada and USA. That’s how I happened upon this interesting post. I encourage people to check out the series. There’s a fan-based public site about the series now online at http://www.facebook.com/TheBletchleyCircleWatchers . It’s got a variety of posts about the first series, as well as the filming of the second one now ongoing, Bletchley Park history, lots more. Craig H, I will be looking at your Slideshare slides. Thanks for sharing.

Thanks for the pointer to the Facebook group! I was at Bletchley Park today, and they were just finishing putting things back in place after some filming last week for the second series of The Bletchley Circle. They were filming the Bombe, so that’s going to feature in some way…

One of the last features added was to smoothly scroll the rotors when a key is pressed or they are changed thru the ring. The touchscreen has a limited drawing speed, but by limiting the number of pixels changed at a time, the scrolling effect is possible.

Your enigma app really needs an Uhr though. I implemented it with the information at the crypto museum and Daniel Palloks Universal Enigma. His is the only implementation available online that simulates it.

Cool, it looks good! On implementing the Uhr; I agree it’s an interesting device. Have you ever found an original ciphertext that used it? I volunteer in the Bletchley Park archives, and very little of the ciphertext for the intercepted messages survives. Quite a lot of decrypts were kept, in particular for the Abwehr Enigma messages, and the intelligence summaries (what’s called the “Hut 3 Headlines”) but they clearly didn’t see any value in keeping the intercept sheets. The next thing I would like to add to our app is to support the Abwehr Enigma (type “G”). It’s interesting because of the slightly different mechanism, and because the messages encrypted with it had huge intelligence value, for example in verifying the success of the “D-Day Deception”. Supporting Italian naval Enigma would also be good, to commemorate the important work that Mavis Lever did on it, but not all the technical details of it are now known (some of the wheel wirings are unknown) – I keep an eye out for any information on it that may surface!

The stepping position, stepping mechanism (levers vs. cogs), rotor wiring and reflector wiring can be extracted by operating the machine and tracing the illuminated path. It is painful, but is what I had to do to recover the Uhr wiring from the cryptomuseum diagrams.